Printable View
@mesnitu - can you tell us how did you manage to handle the consent problem? How did you create the field that records user's consent value and date (the Privacy Checkbox thick). We are trying to achieve this in order to prove given consent from new customers as of 25 may.
10x
I'm using the default zencart "Regulations->Confirm Privacy Notice During Account Creation Procedure"Quote:
Originally Posted by Adrian Ciocîrlan
But since that Confirm Privacy Notice is not registered anywhere , I had to create a table to save all records on create account and existent users.
So if a user creates a account, he has to accept. If a existing user login he's notify and that notification is registers. If he accepts or not, really doen't matter. I just need to have something to show that the client was notify and is aware of that, etc,etc...Code:CREATE TABLE `customers_gdpr` (
`customers_id` int(11) NOT NULL,
`customers_account_created_date` datetime DEFAULT NULL,
`customers_accept_terms` tinyint(4) DEFAULT '0',
`customers_accept_terms_date` datetime DEFAULT CURRENT_TIMESTAMP,
`customers_was_notify_date` datetime DEFAULT NULL,
`customers_delete_account_request` tinyint(4) DEFAULT '0',
PRIMARY KEY (`customers_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
I just use the confirm privacy regulation at account creation and accept terms and conditions at the point of sale.
I do not think there is a need to keep a record that they accepted it as they cannot create an account without accepting it or place an order without accepting terms.
I did change the wording on the terms one to say accept and read terms and privacy policy. That should be proof enough for anyone.
DO NOT COPY AND PASTE, cause it will not work.
create a file at "auto_loader" folder, to load observer and init_scripts
THE OBSERVER - It checks at create account and loging. Sends some emails, etc...PHP Code:$autoLoadConfig[190][] = array('autoType'=>'class',
'loadFile'=>'observers/class.customer_gdpr.php');
$autoLoadConfig[190][] = array('autoType'=>'classInstantiate',
'className'=>'CustomerGdpr',
'objectName'=>'CustomerGdpr');
$autoLoadConfig[180][] = array('autoType'=>'init_script',
'loadFile'=> 'init_customers_rgpd.php');
INIT_SCRIPTPHP Code:<?php
/**
* customerGdpr Class.
* This class is used to manage customers RGPD compliance
*
* @package classes
*/
class CustomerGdpr extends base {
private $has_accepted = false;
private $was_notify = false;
private $was_notify_date = '';
var $users_delete_request = '';
function __construct() {
global $zco_notifier;
$notifyme = array();
// if not redirects to account page
$notifyme[] = 'NOTIFY_LOGIN_SUCCESS';
// Now the customer can agree or not. Either way it was a record is inserted in DB
$notifyme[] = 'NOTIFY_HEADER_END_ACCOUNT';
// Inserts privacy policy into DB at registration page
$notifyme[] = 'NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_CUSTOMER_RECORD';
$this->attach($this, $notifyme);
if($_SESSION['customers_delete_account_request']==1) {
$this->users_delete_request = true;
}
}
/**
* NOTIFY_LOGIN_SUCCESS
* Verifica se o cliente já concordou com a RGPD.
*/
public function updateNotifyLoginSuccess(&$callingClass, $notifier, $paramsArray) {
global $db, $messageStack;
if ($_SESSION['customer_rgpd'] =='' && $_SESSION['customer_rgpd_notified'] == '') {
$customer_id = $_SESSION['customer_id'];
$customers_info = $db->Execute("SELECT customers_info_date_account_created FROM " . TABLE_CUSTOMERS_INFO . " WHERE customers_info_id=" . (int)$customer_id. ";");
$sql = " SELECT * FROM ".TABLE_CUSTOMERS_GDPR." WHERE customers_id = :customers_id: ";
$sql = $db->bindVars($sql , ':customers_id:', $_SESSION['customer_id'], 'integer');
$res = $db->Execute($sql);
if ($res->RecordCount() == 0) {
$sql = "INSERT INTO ".TABLE_CUSTOMERS_GDPR." VALUES (:customers_id:, :customers_account_created_date:, :customers_accept_terms:, :customers_accept_terms_date:, :customers_was_notify_date:, :customers_delete_account_request:)";
$sql = $db->bindVars($sql , ':customers_id:', $customer_id, 'integer');
$sql = $db->bindVars($sql, ':customers_account_created_date:', $customers_info->fields['customers_info_date_account_created'], 'date');
$sql = $db->bindVars($sql, ':customers_accept_terms:', '0', 'integer');
$sql = $db->bindVars($sql, ':customers_accept_terms_date:', 'NULL', 'string');
$sql = $db->bindVars($sql, ':customers_was_notify_date:', 'NOW()', 'noquotestring');
$sql = $db->bindVars($sql, ':customers_delete_account_request:', '0', 'integer');
$res = $db->Execute($sql);
$_SESSION['customer_rgpd_notified'] = true;
//$messageStack->add_session('site_notifications', $this->displayRgpdMsg(), 'caution');
}
} elseif ($_SESSION['customer_rgpd'] =='0' && $_SESSION['customer_rgpd_notified'] !== '') {
//$messageStack->add_session('site_notifications', $this->displayRgpdMsg(), 'caution');
}
}
/**
* Inserir politica de privacidade no registo do cliente
*/
public function updateCreateAccountAddedCustomerRecord(&$callingClass, $notifier, $paramsArray) {
global $db;
$customer_id = $_SESSION['customer_id'];
$sql = "INSERT INTO ".TABLE_CUSTOMERS_GDPR." VALUES (:customers_id:, :customers_account_created_date:, :customers_accept_terms:, :customers_accept_terms_date:, :customers_was_notify_date:, :customers_delete_account_request:)";
$sql = $db->bindVars($sql , ':customers_id:', $customer_id, 'integer');
$sql = $db->bindVars($sql, ':customers_account_created_date:', 'NOW()', 'noquotestring');
$sql = $db->bindVars($sql, ':customers_accept_terms:', '1', 'integer');
$sql = $db->bindVars($sql, ':customers_accept_terms_date:', 'NOW()', 'noquotestring');
$sql = $db->bindVars($sql, ':customers_was_notify_date:', 'NOW()', 'noquotestring');
$sql = $db->bindVars($sql, ':customers_delete_account_request:', '0', 'integer');
$res = $db->Execute($sql);
unset($sql, $res);
}
// Notifier user account page
public function updateHeaderEndAccount(&$callingClass, $notifier, $paramsArray) {
global $db, $customer_newsletter_status;
global $messageStack;
$customer_id = $_SESSION['customer_id'];
if ( $_SESSION['customer_rgpd'] == '' ) {
if (isset($_POST) && ($_POST['privacy_conditions'] =='1')) {
$_SESSION['customer_rgpd'] = true;
$customers_info = $db->Execute("SELECT customers_info_date_account_created FROM " . TABLE_CUSTOMERS_INFO . " WHERE customers_info_id=" . (int)$customer_id. ";");
$sql = " SELECT * FROM ".TABLE_CUSTOMERS_GDPR." WHERE customers_id = :customers_id: ";
$sql = $db->bindVars($sql , ':customers_id:', $customer_id, 'integer');
$res = $db->Execute($sql);
if ($res->RecordCount() > 0) {
$sql_up = "UPDATE ".TABLE_CUSTOMERS_GDPR." SET customers_id = :customers_id:, customers_account_created_date= :customers_account_created_date:, customers_accept_terms = :customers_accept_terms:, customers_accept_terms_date = :customers_accept_terms_date:, customers_was_notify_date = :customers_was_notify_date: WHERE customers_id = :customers_id:";
$sql_up = $db->bindVars($sql_up , ':customers_id:', $customer_id, 'integer');
$sql_up = $db->bindVars($sql_up, ':customers_account_created_date:', $customers_info->fields['customers_info_date_account_created'], 'date');
$sql_up = $db->bindVars($sql_up, ':customers_accept_terms:', '1', 'integer');
$sql_up = $db->bindVars($sql_up, ':customers_accept_terms_date:', 'NOW()', 'noquotestring');
$sql_up = $db->bindVars($sql_up, ':customers_was_notify_date:', 'NOW()', 'noquotestring');
$res_up = $db->Execute($sql_up);
$messageStack->add_session('site_notifications', 'Obrigado por Actualizar!', 'caution');
}
//Send Emails
$to_name = STORE_NAME;
$to_address = EMAIL_FROM;
$email_subject = "Cliente Aceita Politica de privacidade";
$email_text = "------------------------------------------------------------"."\n";
$email_text .= "O Cliente " .$customer_id." aceitou politica de privacidade"."\n";
$email_text .= "-----------------------------------------------------------"."\n";
$from_email_name = STORE_NAME;
$from_email_address = EMAIL_FROM;
$html_msg['EMAIL_MESSAGE_HTML'] = strip_tags($_POST['privacy_conditions']);
zen_mail($to_name, $to_address, $email_subject, $email_text, $from_email_name, $from_email_address, $html_msg );
}
unset($sql, $res, $sql_up, $res_up,$_POST['privacy_conditions']);
}
//DELETE ACCOUNT
if (isset($_POST) && ($_POST['action'] == 'delete_customer_account')) {
$_SESSION['customers_delete_account_request'] == '1';
//Collect Customer Info
$sql = "SELECT customers_firstname, customers_lastname, customers_email_address, customers_email_format FROM ".TABLE_CUSTOMERS." WHERE customers_id = :customers_id:";
$sql = $db->bindVars($sql , ':customers_id:', $customer_id, 'integer');
$res = $db->Execute($sql);
$customer_name = $res->fields['customers_firstname']. ' '. $res->fields['customers_lastname'];
$email_address = $res->fields['customers_email_address'];
//SEND MAIL TO CUSTOMER
$to_name = $customer_name;
$to_address = $email_address;
$email_subject = "Pedido para Apagar a Conta na Livraria PromoBooks";
$email_text = "Olá ".$customer_name." Recebemos um pedido para apagar a sua conta na Livraria PromoBooks"."\n";
$email_text .= "Gostariamos que continuasse connosco, mas vamos proceder à eliminação da conta no prazo máximo de 20 dias"."\n\n";
$email_text .= "Todos os dados serão eliminados da Loja Online."."\n";
$email_text .= "Caso tenha efectuado encomendas, os dados relativos a facturação continuarão na LUNADIL UNIPESSOAL LDA, ao abrigo da lei portuguesa."."\n";
$email_text .= "Se pensa que este email é um engano, ou tem outras questões, por favor entre em contacto connosco"."\n";
$email_text .= "------------------------------------------------------"."\n\n";
$from_email_name = STORE_NAME;
$from_email_address = EMAIL_FROM;
zen_mail($to_name, $to_address, $email_subject, $email_text, $from_email_name, $from_email_address );
$email_text_to_admin = "Pedido para apagar conta de ".$customer_name." com o ID:".$customer_id." ";
zen_mail(STORE_NAME, EMAIL_FROM, $email_subject , $email_text_to_admin , STORE_NAME, EMAIL_FROM, $html_msg, 'welcome_extra');
// Insere pedido na base de dados
$sql_del_account = "UPDATE ".TABLE_CUSTOMERS_GDPR." SET customers_delete_account_request = :customers_delete_account_request: WHERE customers_id = :customers_id:";
$sql_del_account = $db->bindVars($sql_del_account , ':customers_delete_account_request:', '1', 'integer');
$sql_del_account = $db->bindVars($sql_del_account , ':customers_id:', $customer_id, 'integer');
$res_del_account = $db->Execute($sql_del_account);
}
//Informa cliente das sua subscrição em newsletter
$sql = " SELECT customers_newsletter FROM ".TABLE_CUSTOMERS." WHERE customers_id = :customers_id: ";
$sql = $db->bindVars($sql, ':customers_id:', $customer, 'integer');
$res = $db->Execute($sql);
//pr($res);
$customer_newsletter_status = $res->fields['customers_newsletter'];
}
function update(&$callingClass, $notifier, $paramsArray)
{
if ( $notifier == 'NOTIFY_LOGIN_SUCCESS' ) {
$this->updateNotifyLoginSuccess($callingClass, $notifier, $paramsArray);
}
if ( $notifier == 'NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_CUSTOMER_RECORD' ) {
$this->updateCreateAccountAddedCustomerRecord($callingClass, $notifier, $paramsArray);
}
if ( $notifier == 'NOTIFY_HEADER_END_ACCOUNT' ) {
$this->updateHeaderEndAccount($callingClass, $notifier, $paramsArray);
}
}
}
And then at template user account_defaultPHP Code:<?php
if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}
$check_until_date = '20181231'; // ON
$rgpd_date = '20180528';
// GDPR - If cookieconsent_status is set, allow tag manager to load.
// Leaving two choices here for something
$cookie_config = false; // Start only with zenid cookie
$cookie_ga_default = true; // Analytics default: doesn't track remarketing and sets anonymous IP
$cookie_external = false; // GA tracks for marketing, FB pixel, social shares, etc
//adds analytics cookie with Anonymous IP
if (!$_COOKIE["cookieconsent_status"] ) {
if( !$_COOKIE["cc_analytics"] == 'deny') {
zen_setcookie('cc_analytics', 'allow', time()+60*60*24*30, '/', (zen_not_null($current_domain) ? $current_domain : ''));
}
if ( (str_replace('-','',$_SESSION['today_is']) <= $rgpd_date) && !$_COOKIE["cc_allowSocial"] == 'deny' ) {
$cookie_external = true;
zen_setcookie('cc_allowSocial', 'allow', time()+60*60*24*30, '/', (zen_not_null($current_domain) ? $current_domain : ''));
}
}
if (isset($_COOKIE['cc_analytics']) && $_COOKIE['cc_analytics'] == 'deny') {
$cookie_ga_default = false;
}
if (isset($_COOKIE['cc_allowSocial']) && $_COOKIE['cc_allowSocial'] == 'allow') {
$cookie_external = true;
}
if (isset($_COOKIE['cookieconsent_status'])) { // It's set, check
$cookie_config = true; // flag that the user made some configuration
// allow all cookies
if ($_COOKIE['cookieconsent_status'] == 'allow') {
$cookie_ga_default = true;
$cookie_external = true;
}
}
if ( !isset($_SESSION['customers_warning_count'])) {
$_SESSION['customers_warning_count'] = 0;
}
if($_SESSION['customer_id']) {
if ( !$_SESSION['customers_delete_account_request']) {
$sql = " SELECT customers_delete_account_request FROM ".TABLE_CUSTOMERS_GDPR." WHERE customers_id = :customers_id: ";
$sql = $db->bindVars($sql , ':customers_id:', $_SESSION['customer_id'], 'integer');
$res = $db->Execute($sql);
if ($res->fields['customers_delete_account_request'] == '1') {
$_SESSION['customers_delete_account_request'] = $res->fields['customers_delete_account_request'];
unset($sql, $res);
}
}
if(str_replace('-','',$_SESSION['today_is']) <= $check_until_date ) {
define('RGPD_MSG', 'Para estar em conformidade com o Regulamento Geral da Protecção de Dados Europeia, a Livraria PromoBooks, está a informar todos os seus cliente registados antes da nova lei, a fim de tomarem conhecimento sobre os dados processados. Por favor leia a nossa política de privacidade e aceda à <a href="'.zen_href_link(FILENAME_ACCOUNT, '', 'SSL').'"> Sua Área de Cliente</a> para efectuar as alterações necessárias. Ao continuar no site, pressupõe que tem conhecimento e que assim deseja continuar. ');
if ( $_SESSION['customer_rgpd'] == '') {
$sql = " SELECT customers_accept_terms, customers_was_notify_date, customers_delete_account_request FROM ".TABLE_CUSTOMERS_GDPR." WHERE customers_id = :customers_id: ";
$sql = $db->bindVars($sql , ':customers_id:', $_SESSION['customer_id'], 'integer');
$res = $db->Execute($sql);
if ($res->RecordCount() > 0) {
if ($res->fields['customers_accept_terms'] !=='0') {
$_SESSION['customer_rgpd'] = true;
}else {
$_SESSION['customer_rgpd'] = '';
if($_SESSION['customers_warning_count'] <= 2 && $_SESSION['customers_warning_count'] !=='stop') {
$messageStack->add_session('site_notifications', RGPD_MSG, 'caution');
$_SESSION['customers_warning_count'] ++;
}
}
if ($res->fields['customers_was_notify_date'] !=='') {
$_SESSION['customer_rgpd_notified'] = $res->fields['customers_was_notify_date'];
} else {
$_SESSION['customer_rgpd_notified'] = '';
}
} else {
$_SESSION['customer_rgpd'] = '';
$_SESSION['customer_rgpd_notified'] = '';
if(($_SESSION['customers_warning_count'] <= 2) && ($_SESSION['customers_warning_count'] !=='stop')) {
$messageStack->add_session('site_notifications', RGPD_MSG, 'caution');
}
}
}
}
}
if($_SESSION['customers_warning_count'] == 2) {
unset($_SESSION['customers_warning_count']);
$_SESSION['customers_warning_count'] ='stop';
}
if ( $_SESSION['customers_delete_account_request'] == '1') {
$messageStack->add_session('site_notifications', 'Recebemos a notificação para apagar a sua conta dentro do prazo estipulado po lei será eliminada', 'caution');
}
And added a delete account formPHP Code:<?php
if (DISPLAY_PRIVACY_CONDITIONS == 'true' && $_SESSION['customer_rgpd'] == '') {
echo zen_draw_form('customer_privacy_policy', zen_href_link(FILENAME_ACCOUNT, '', 'SSL'), 'post', '') . zen_draw_hidden_field('action', 'process') . zen_draw_hidden_field('email_pref_html', 'email_format');
?>
<fieldset>
<legend><?php echo TABLE_HEADING_PRIVACY_CONDITIONS; ?></legend>
<div class="information gdpr-info"><?php echo TEXT_PRIVACY_CONDITIONS_DESCRIPTION_AT_REGISTRATION;?></div>
<?php echo zen_draw_checkbox_field('privacy_conditions', '1', false, 'id="privacy" required');?>
<label class="checkboxLabel gdpr-info-label" for="privacy"><?php echo TEXT_PRIVACY_CONDITIONS_CONFIRM;?></label>
<div class="buttonRow forward"><?php echo zen_image_submit(BUTTON_IMAGE_SUBMIT, BUTTON_SUBMIT_ALT); ?></div>
</fieldset>
<?php
}
?>
</form>
Hope it helps, but arrange this to your code.
Made this for myself so didnt't take into account some other zencart stuff "modules stuff"
OK, I'm not sure i understand completely, what do I do with this code? it is a sql query? do i execute this code in the Php MyAdmin queries to create the tables in my DB?Quote:
Originally Posted by mesnitu
10x
Yes, that's a sql statement.... but listen, this is just a example of what I've done taking into account what the store is using, etc...Quote:
Originally Posted by Adrian Ciocîrlan
You must examine what you're requiring as personal data, etc, and implement according to that.
The other post by Congerman says he's not using this record. Maybe he's right, but I prefer to have that record , even for re-consent purposes.
So you'll have to analyze what you are collecting, to be able to delete or transfer, etc..
But this is not a module.
But I think even this is not enough.
Let's take a example of a inspection to a restaurant.
They inspect everything, they say it's wonderful, everything it's fine. They even lunch at the restaurant but they leave and leave no records of what they done....
It's useless.
Same way, I believe some kind of record must exist saying what was implemented and for what.
If not.... it makes no sense.
For the moment I just want to be able to see in the DB when a user enters personal data via create account or COWOA that he checked the box and he accepted the Privacy Statement and also the date that he accepted it (for proof reasons). There isn't a record to store this information at the moement.Quote:
Originally Posted by mesnitu
Can u tel me what do I need to do to achieve this?
There is also the other thing about their "right to be forgotten".
Some people think that to comply they must just delete the customers account and purchase history etc. But not so, In the UK we are required to keep certain records under statute for 7, 10 and in some cases 20 years. This includes transactions and proving of them for tax purposes etc.
So I had to put in my privacy policy "If you wish to exercise your “Right to be forgotten” under GDPR please contact us and we will remove all data about you with the exception of data that we are required to keep under statute."
Attaching a zip of two items from my site. Page to request removal and privacy check added to the database with date for annual checkup. Not a plugin, just some quick instructions and the base code setup in folder format. Privacy, If its more then a year, they will get nag to review and check the privacy box on each login. How you use is up to you.Quote:
For the moment I just want to be able to see in the DB when a user enters personal data via create account or COWOA that he checked the box and he accepted the Privacy Statement and also the date that he accepted it (for proof reasons). There isn't a record to store this information at the moement.